[keycloak-dev] WebSocket integration
Pedro Igor Silva
psilva at redhat.com
Fri Jan 16 12:26:25 EST 2015
Some time ago Shane and I were investigating WebSocket security using PicketLink [1] and JEE, especially when using CDI [2].
Some references:
[1] https://issues.jboss.org/browse/PLINK-628
[2] https://issues.jboss.org/browse/CDI-370
----- Original Message -----
From: "Bill Burke" <bburke at redhat.com>
To: keycloak-dev at lists.jboss.org
Sent: Friday, January 16, 2015 2:42:13 PM
Subject: Re: [keycloak-dev] WebSocket integration
Single-page app would work with cookie and server-side adapter. I don't
know how it would work with JavaScript. You'd have to send the token
with the HTTP Upgrade request.
On 1/16/2015 11:31 AM, Juraci Paixão Kröhling wrote:
> All,
>
> I'm investigating the possibility of protecting a WebSocket endpoint
> with Keycloak and I found out that it works out of the box with
> cookie-based authentication, meaning, the web page that opens the web
> socket client should itself be protected, so that the cookie is sent
> on the WebSocket request and authentication is made (confidential).
>
> In my target scenario, however, the web page is a single-page app
> (public) talking with a backend (bearer-only) in another host.
>
> So, I'd like to know if there's anything planned on the WebSockets
> front for such a scenario. For instance, a JavaScript utility that
> handles the setup of the socket (either with a custom protocol, or an
> initial message with the bearer token, or another alternative) and a
> server counterpart for this.
>
> If there isn't yet, I'll probably have some time to explore this.
>
> - Juca.
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
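
One way to implement the "initial message with the bearer token" option raised in this thread, as an added example that is not part of any message here and is not Keycloak code. It assumes the client's first text frame is JSON of the form {"type":"auth","token":"<JWT>"} and that tokens are RS256-signed; makeToken, verifyToken, AuthGate, the 5-second deadline, the close codes and the key pair are all constructed for illustration.

```javascript
const crypto = require('crypto');
// Constructed key pair standing in for the realm's token-signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const b64u = (x) => Buffer.from(x).toString('base64url');

// Hypothetical helper: builds a constructed RS256 token so the example runs offline.
function makeToken(claims, key = privateKey) {
  const head = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify(claims));
  const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`), key);
  return `${head}.${body}.${b64u(sig)}`;
}

// Returns the claims when algorithm, signature and expiry check out, else null.
// A real deployment would also check issuer and audience.
function verifyToken(token, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    const head = JSON.parse(Buffer.from(parts[0], 'base64url'));
    if (head.alg !== 'RS256') return null; // pin the algorithm server-side
    const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
    const sig = Buffer.from(parts[2], 'base64url');
    if (!crypto.verify('sha256', signed, publicKey, sig)) return null;
    const claims = JSON.parse(Buffer.from(parts[1], 'base64url'));
    return typeof claims.exp === 'number' && claims.exp > nowSec ? claims : null;
  } catch { return null; }
}

// Per-connection gate: no frame reaches the application before a valid token.
// Close codes 4400/4401/4408 are constructed values from the private-use range.
class AuthGate {
  constructor(openedAt, deadlineSec = 5) { this.deadline = openedAt + deadlineSec; this.claims = null; }
  // Decides what the server does with each incoming text frame.
  onMessage(text, nowSec) {
    if (this.claims) { // authenticated: deliver until the token expires
      return this.claims.exp > nowSec ? { action: 'deliver', text } : { action: 'close', code: 4401 };
    }
    if (nowSec > this.deadline) return { action: 'close', code: 4408 };
    let msg;
    try { msg = JSON.parse(text); } catch { return { action: 'close', code: 4400 }; }
    const claims = msg && msg.type === 'auth' ? verifyToken(msg.token, nowSec) : null;
    if (!claims) return { action: 'close', code: 4401 };
    this.claims = claims;
    return { action: 'accept', subject: claims.sub };
  }
}
```

The gate only returns decisions; the WebSocket server that owns the connection is expected to act on them and to close the socket when the deadline passes with no frame at all.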